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CLAIMS .. . 

1. Access control method controlling access to a 
broadcast digital dataflow previously scrambled using 
an encryption key CW transmitted in encrypted form in 
an entitlement control message ECM also including at 
5 least one access control criterion CA, said numeric 
data possibly being recorded as such in a receiving 
terminal or decrypted during transfer, characterised in 
that the method includes the following steps: 

on transmission: 
10 - generating an entitlement control message R-ECM C 

for recording the content of the flow as a function of 
a recording key KR C and at least one criterion CRR 
defining a right to record, 

- generating an entitlement control message P-ECMc 
15 controlling access to play back the content of the 

recorded flow as a function of a playback key KP C and 
at least one criterion CRP defining a right to play 
back, and 

on reception: 
20 - analysing the message R-ECM C , and 

- authorising the recording if the criterion CRR 
is verified, otherwise prohibit recording, 

- analysing the message P-ECM C , and 

- authorising the playback if the criterion CRP is 
25 verified, otherwise prohibit the playback. 



2. Method set forth in claim 1, characterised in 
that the keys CW, KRc and KP C are encrypted by a first 
service key K s . 
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3. Method set forth in claim 1, characterised in 
that the keys CW, KRc and KP C are encrypted by three 
different service keys, namely K s , K SR and K S p 

5 respectively 

4. Method set forth in either claim 2 or 3, 
characterised in that the sending phase includes the 
following steps : 

10 for each dataflow: 

breakdowning the scrambling period into a 
sequence of crypto-periods CPi each defining a validity 
duration of an individual key CW if and at: each crypto- 
period change, 

15 - scrambling the content of the flow using the key 

CWi, and memorise a value p(i) representative of the 
parity of i,ing an entitlement control message SC-ECMi 
as a function of the previously defined encryption keys 
CWi-i, CW if CW i+ i, the value p(i) and the criterion CA if 

20 said message SC-ECMi being intended to transport access 
rights to a data segment Si corresponding to at least 
two crypto-periods , 

- encrypting the keys CWi- 1# CW if CW i+ i using the 
playback key KP C , 

25 - encrypting the result of the encryption in the 

previous step using a second service key K' s , 

- encrypting the result of the encryption in the 
previous step using the recording key KRc. 
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5. Method set forth in either claim 2 or 3, 
characterised in that the sending phase includes the 
following steps: 

for each dataflow: 
5 - breakdowning the scrambling period into a 

sequence of crypto-periods CPi each defining a validity 
duration of an individual key CWi, and at each crypto- 
period change, 

- scrambling the content of the flow using the key 
10 CWi, and memorise a value p(i) representative of the 

parity of i, 

- calculating an entitlement control message SC- 
ECMi as a function of the previously defined encryption 
keys CWi-!, CW ± , CW i+ i, the value p(i) and the criterion 

15 CAi, said message SC-ECMi being intended to transport 
access rights to a data segment S ± corresponding to at 
least two crypto-periods, 

- encrypting the keys CWj-i, CW ± , CW i+1 using a 
second service key K' S / 

20 - encrypting the result of the encryption in the 

previous step using the key KP C , 

- encrypting the result of the encryption in the 
previous step using the recording key KR<> 

25 6. Method set forth in either claim 4 or 5, 

characterised in that the emission phase also includes 

the following steps: 

calculating the entitlement control message 

ECMi = f [ (ECWi,OCWi,CA) ] wherein ECW A and OCWi represent 
30 the even and odd control words previously encrypted 

using a first service key K s , respectively, 
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ECWi=CWi if i is even, otherwise ECWi=CWi+l; 
OCWi=CWi if i is odd, otherwise 0CWi=CW i+1 ; 

broadcasting parameters in the ECM signal, 
identifying the ECM channels attached to the service 
5 broadcasting the content of messages ECM ± , P-ECM C , R- 
ECM C , SC-ECMi, 

- providing the ECM±, P-ECM C , R-ECM C , SC-ECMi 
messages to the receiving terminal. 

0 7. Method set forth in claim 6, characterised in 

that the ECM ± , P-ECM C , R-ECM C , SC-ECMi messages are 
broadcast on ECM channels associated with the content 
of segment Si. 

5 8. Method set forth in claim 6, characterised in 

that the R-ECM message is output to the receiving 
terminal on request from an Authorisation Server at the 
network entry. 

0 9. Method set forth in claim 6, characterised in 

that the P-ECM message is output to the receiving 
terminal on request from an Authorisation Server at the 
network entry. 

5 10. Method set forth in claim 7 , characterised in 

that the reception phase includes the following steps: 

recovering the ECM channel from the ECM A 
message, using the signal attached to the service 
broadcasting the dataflow, and at each change of i, 

) - analysing the message ECMi so as to recover the 

even control word OCW and the odd control word ECW, to 



EV 916337550 US 



24 Docket No. 034299-705 



descramble the content of the broadcast flow so as to 
obtain direct access to this content. 

11. Method set forth in claim 7, characterised in 
5 that the reception phase includes the following steps: 

- recovering the ECM channel from the P-ECMc, R- 
ECM C , SC-ECMi messages, from the signal attached to the 
service broadcasting the content; 

- analysing the R-ECM C message to verify record 
10 access criteria CRR, 

- memorising the recording key KRc; 

- recovering the message P-ECM C and store it with 
the content; and 

for each crypto-period i: 
15 — recovering the message SC-ECMi, 

decrypting the message SC-ECMi using the 
recording key KR C , and 

- recording the decrypted message SC-ECMi with the 
content. 

20 

12. Method set forth in claim 7, characterised in 
that playback access to the content in the recorded 
flow is obtained according to the following steps: 

- recovering the message P-ECM C in the content and 
25 analyse it to verify read access criteria CRP, 

- memorising the playback key KP C ; and 

- recovering the current SC-ECMi message in the 
content; 

- decrypting the SC-ECMi message with the playback 
30 key KP C and verify access criteria, 
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- recovering the encrypted keys GWi- x , CW ±/ CW i+ i and 
the value p(i) indicating the parity of i, and 

- decrypting said keys depending on the read 
direction to deduce ECW and OCW from them; then 

5 - applying either ECW or OCW to descramble the 

content when playing back. 

13. Method set forth in claim 7 f characterised in 
that access to play back the content of the flow is 

10 obtained according to the following steps: 

- recovering the message P-ECM C in the content , 

- analysing the message P-ECM C to verify read 
access criteria CRP, " : " 

- memorising KP C , and 

15 - recovering the current SC-ECMi message in the 

content, 

- decrypting the SC-ECMi message with the second 
service key K' s and verify access criteria, 

- recovering the encrypted keys CWi-i, CW if CW i+ i and 
20 the value p(i) indicating the parity of i, and 

- decrypting said keys depending on the direction 
of reading to deduce ECW and OCW; then 

- applying either ECW or OCW to descramble the 
content . 

25 

14. Method set forth in either claim 11 or 12, 
characterised in that the reception phase also includes 
the following steps: 

- generating a local key Ki from attributes 
30 contained in the message R-ECM and at least one 
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parameter related to the identity of the receiving 
terminal, 

locally over-encrypting the content to be 
recorded with this key Kj. 
5 - when playing back, regenerating the key Ki using 

attributes contained in the message P-ECM and at least 
one parameter related to the identity of the receiving 
terminal, 

decrypting the recorded content using the 
10 regenerated key Ki. 

15. Method set forth in one of claims 1 to 14, 
characterised in that the broadcast digital data 
represent audiovisual programs. 

15 

16 . Access control system controlling access to a 
digital dataflow including a scrambling platform (2) 
including at least one generator of entitlement control 
messages ECM and at least one descrambling receiver (4) 

20 provided with a security processor (14), characterised 
in that the scrambling platform (2) also includes: 

- a generator of entitlement control messages R- 
ECM C when recording the content of the received flow 
and a generator of entitlement control messages P-ECMc 

25 when playing back the content of a recorded flow, and 
in that the descrambling receiver (4), includes: 

- means of recovering the ECM channel from P-ECM C , 
R-ECMc messages, 

- means of decrypting the content of a received 
30 flow to record it, and 
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- means of decrypting the content of a recorded 
flow to play it back, 

17. System set forth in claim 16, characterised in 
5 that the descrambling receiver (4) also includes means 

of generating a. local key K z from attributes contained 
in the R-ECM C message and the identity of the receiving 
terminal to locally encrypt /decrypt the content of the 
received flow. 

10 

18. Scrambling platform (2) including at least one 
generator of entitlement control messages ECM 
controlling access to a dataflow broadcast in scrambled 
form, characterised in' that it also includes a 

15 generator of entitlement control messages R-ECM C to 
control recording the content of a received flow and a 
generator of entitlement control messages P-ECMc to 
control play back the content of a recorded flow. 

20 19. Scrambling platform set forth in claim 18, 

characterised in that it includes: 

- means of breaking down the scrambling period 
into a sequence of crypto-periods CPi each defining a 
validity duration of an individual key CWi, 

25 - means of encrypting the content of the flow at 

each change of the crypto-period i using the key CW ± , 

- means of calculating an entitlement control 
message SC-ECMi as a function of the keys CW^, CWi,CW i+i 
corresponding to crypto-periods CP ± , CPi-i and CP i+1 

30 respectively, a parity parameter p(i) and the access 
control criterion CAi, said message SC-ECMi being 
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intended to carry access rights to a data segment Si 
corresponding to at least two crypto-periods, 

- means of encrypting the keys CWi-i, CW ± , CW i+1 
using a playback key KP C/ 

5 - means of encrypting the encryption result "in the 

previous step using a second service key K' s , 

- means of encrypting the result of the encryption 
in the previous step using a record key KRc* 

10 20. Platform set forth in claim 18, characterised 

in that it also includes: 

- means of breaking down the scrambling . period 
into a sequence of crypto-periods CPi each defining a ■ 
validity duration of an individual key CWi, 

15 - means of encrypting the content of the flow at 

each change of the crypto-period i using the key CWi, 

means of calculating an entitlement control 
message SC-ECMi as a function of the keys CWi-i, CW ± , CW i+ i 
corresponding to crypto-periods CP if CPi_i and CP i+ i 

20 respectively, a parity parameter p(i) and the access 
control criterion CA if said message SC-ECMi being 
intended to carry access rights to a data segment . Si 
corresponding to at least two crypto-periods, 

- means of encrypting the encryption result in the 
25 previous step using a second service key K' s , 

- means of encrypting the control words CWi_ lf CWi, 
CWi+i using a playback key KP C , 

- means of encrypting the encryption result in the 
previous step using, a record key KRc. 



30 
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21. Descrambling receiver (4) of a dataflow 
broadcast in scrambled form using a scrambling key CWi 
including . a security processor including at least one 
key KR C intended to descramble record entitlement 

5 control messages R-ECM C and at least one key KP C 
intended to descramble the play back entitlement 
control messages P-ECM C , receiver characterised in that 
it includes: 

- means of recovering the ECM channel from P-ECM C 
10 messages, and R-ECM C messages from the signal attached 

to the service broadcasting the content; 

- means of decrypting messages R-ECM C using the 
record key KR C to verify the right to record the 
content of a received flow, 

15 - means of decrypting messages P-ECM C using the key 

KP C to verify the right to play back the content of a 
recorded flow. 

22. Receiver set forth in claim 21, characterised 
20 in that it also includes means of generating a local 

key Ki from attributes contained in the receiver 
identity message R-ECM and locally decrypt the content 
of the received flow. 

25 23. Receiver set forth in claim 21, characterised 

in that the security processor is a smart card. 



